Online Template Attacks: Revisited

An online template attack (OTA) is a powerful technique previously used to elliptic curve scalar multiplication algorithms. This has only been analyzed in the realm of power consumption and EM side channels, where signals leak related value being processed. However, microarchitecture have no such feature, invalidating some assumptions from previous OTA works.In this paper, we revisit descriptions, proposing generic framework evaluation metrics for any side-channel signal. Our analysis reveals features not considered, increasing its application scenarios requiring fresh countermeasure prevent it.In regard, demonstrate that OTAs can work backward direction, allowing mount an augmented projective coordinates with respect proposal by Naccache, Smart Stern (Eurocrypt 2004). demonstrates randomizing initial targeted algorithm state does as believed works.We analyze three libraries libgcrypt, mbedTLS, wolfSSL using two channels. For libgcrypt case, target EdDSA implementation Curve25519 twist curve. We obtain similar results mbedTLS secp256r1. each library, execute extensive instances are able recover complete all cases single trace.This attacks also very scenario, recovering secret information without knowing leakage model. highlights importance developing secure-by-default implementations, instead fix-on-demand ones.